ldap-git-backup(1) check in LDIF from an LDAP server into a GIT repository


ldap-git-backup [options]

ldap-git-backup --help


ldap-git-backup takes an LDIF dump of an LDAP server and updates a GIT repository that serves as a versioned backup.

ldap-git-backup splits the LDIF data into separate entries. It constructs unique but stable file names using a combination of the creation time stamp for ordering and the DN as the unique key for an entry.


--ldif-cmd <dump_ldif_command>
Specify a command to create a complete LDIF dump of the LDAP directory suitable for a backup. It should contain all entries necessary to restore the LDAP database. By default "/usr/sbin/safe-ldif" is taken which calls "/usr/sbin/slapcat" from OpenLDAP.

If you have access to an LDAP server over the network you can use ldapsearch as your "--ldif-cmd". Example:

  --ldif-cmd 'ldapsearch -u -x -o ldif-wrap=no \
  -H ldaps://ldap.example.org -b dc=example,dc=org'

If you need to log in to a certain server first you would use something along the lines of

  --ldif-cmd 'ssh host.example.org ldapsearch -u -x -o ldif-wrap=no \
  -H ldaps://ldap.example.org -b dc=example,dc=org'

You can make this as complicated as you like as long as it fits into a one line command. If you need more you may want to create a script for the purpose.

--backup-dir <backup_directory>
Specify the directory where the GIT repository for the versioned backup is held. Default: /var/backups/ldap
--commit-msg <commit_string>
Specify a custom commit message. Default: ldap-git-backup


  --commit-msg "Import $(date --rfc-3339=seconds)"
--commit-date <date_string>
--commit-date <file>
Specify a custom commit date. If a file is given its modification time is used.
Do not perform a garbage collection (git gc) after checking in the new backup. By default gc is done so as to keep the size of the backup down. You may want to skip gc for the occasional backup run but leave it on for the scheduled backups.
Prints this page.


Elmar S. Heeb <[email protected]>